diff options
| author | delphij <delphij@FreeBSD.org> | 2017-06-06 07:21:33 +0000 |
|---|---|---|
| committer | delphij <delphij@FreeBSD.org> | 2017-06-06 07:21:33 +0000 |
| commit | 31c59906ec81f862e5f8ce88378fa26e2ff3156b (patch) | |
| tree | bc5ed9ac499610bee622336a6607191bdde3b6af /lib/libc/rpc/rpcb_prot.c | |
| parent | 1556d42b5bdc72d3b2a4d01c5f0e610c296a53cd (diff) | |
| download | FreeBSD-src-31c59906ec81f862e5f8ce88378fa26e2ff3156b.zip FreeBSD-src-31c59906ec81f862e5f8ce88378fa26e2ff3156b.tar.gz | |
MFC r319369:
* limit size of buffers to RPC_MAXDATASIZE
* don't leak memory
* be more picky about bad parameters
From:
https://raw.githubusercontent.com/guidovranken/rpcbomb/master/libtirpc_patch.txt
https://github.com/guidovranken/rpcbomb/blob/master/rpcbind_patch.txt
via NetBSD.
Approved by: re (kib)
Diffstat (limited to 'lib/libc/rpc/rpcb_prot.c')
| -rw-r--r-- | lib/libc/rpc/rpcb_prot.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/lib/libc/rpc/rpcb_prot.c b/lib/libc/rpc/rpcb_prot.c index c462e19..39a201c 100644 --- a/lib/libc/rpc/rpcb_prot.c +++ b/lib/libc/rpc/rpcb_prot.c @@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$"); #include <rpc/types.h> #include <rpc/xdr.h> #include <rpc/rpcb_prot.h> +#include <rpc/rpc_com.h> #include "un-namespace.h" bool_t @@ -62,13 +63,13 @@ xdr_rpcb(XDR *xdrs, RPCB *objp) if (!xdr_rpcvers(xdrs, &objp->r_vers)) { return (FALSE); } - if (!xdr_string(xdrs, &objp->r_netid, (u_int)~0)) { + if (!xdr_string(xdrs, &objp->r_netid, RPC_MAXDATASIZE)) { return (FALSE); } - if (!xdr_string(xdrs, &objp->r_addr, (u_int)~0)) { + if (!xdr_string(xdrs, &objp->r_addr, RPC_MAXDATASIZE)) { return (FALSE); } - if (!xdr_string(xdrs, &objp->r_owner, (u_int)~0)) { + if (!xdr_string(xdrs, &objp->r_owner, RPC_MAXDATASIZE)) { return (FALSE); } return (TRUE); @@ -162,19 +163,19 @@ xdr_rpcblist(XDR *xdrs, RPCBLIST **rp) bool_t xdr_rpcb_entry(XDR *xdrs, rpcb_entry *objp) { - if (!xdr_string(xdrs, &objp->r_maddr, (u_int)~0)) { + if (!xdr_string(xdrs, &objp->r_maddr, RPC_MAXDATASIZE)) { return (FALSE); } - if (!xdr_string(xdrs, &objp->r_nc_netid, (u_int)~0)) { + if (!xdr_string(xdrs, &objp->r_nc_netid, RPC_MAXDATASIZE)) { return (FALSE); } if (!xdr_u_int32_t(xdrs, &objp->r_nc_semantics)) { return (FALSE); } - if (!xdr_string(xdrs, &objp->r_nc_protofmly, (u_int)~0)) { + if (!xdr_string(xdrs, &objp->r_nc_protofmly, RPC_MAXDATASIZE)) { return (FALSE); } - if (!xdr_string(xdrs, &objp->r_nc_proto, (u_int)~0)) { + if (!xdr_string(xdrs, &objp->r_nc_proto, RPC_MAXDATASIZE)) { return (FALSE); } return (TRUE); @@ -289,7 +290,7 @@ xdr_rpcb_rmtcallres(XDR *xdrs, struct rpcb_rmtcallres *p) bool_t dummy; struct r_rpcb_rmtcallres *objp = (struct r_rpcb_rmtcallres *)(void *)p; - if (!xdr_string(xdrs, &objp->addr, (u_int)~0)) { + if (!xdr_string(xdrs, &objp->addr, RPC_MAXDATASIZE)) { return (FALSE); } if (!xdr_u_int(xdrs, &objp->results.results_len)) { |
